stripe-reconcile

Stripe Reconcile

Fix issues identified by the audit.

Branching

Assumes you start on `master`/`main`. Before making code changes:

```bash
git checkout -b fix/stripe-reconcile-$(date +%Y%m%d)
```

Configuration-only changes (env vars, dashboard settings) don't require a branch. Code changes do.

Objective

Take audit findings and fix them. Configuration issues get fixed directly. Code issues get delegated to Codex.

Process

**1. Triage Findings**

From the audit report, categorize:

Configuration fixes (do directly):
- Missing env vars
- Wrong webhook URL
- Dashboard settings

Code fixes (delegate to Codex):
- Missing trial_end handling
- Idempotency implementation
- Access control corrections

Design issues (may need stripe-design):
- Wrong checkout mode
- Missing webhook events
- Architectural problems

**2. Fix Configuration**

For env var issues:

```bash
# Example: missing prod webhook secret
npx convex env set --prod STRIPE_WEBHOOK_SECRET "whsec_..."
```

For webhook URL issues:
- Update in Stripe Dashboard
- Or use Stripe CLI: `stripe webhook_endpoints update <id> --url "https://..."`

Verify fixes immediately.

**3. Delegate Code Fixes to Codex**

For each code issue, create a focused Codex task:

```bash
codex exec --full-auto "Fix: [specific issue from audit]. \
Current code in [file]. Problem: [what's wrong]. \
Fix: [what it should do]. Reference [pattern file] for correct approach. \
Run pnpm typecheck after." \
--output-last-message /tmp/codex-fix.md 2>/dev/null
```

Then review:

```bash
git diff --stat && pnpm typecheck
```

**4. Verify Each Fix**

After fixing, verify:
- Configuration: `npx convex env list --prod | grep STRIPE`
- Webhook URL: `curl -I -X POST <url>`
- Code: `pnpm typecheck && pnpm test`

**5. Re-audit**

After all fixes, run a quick re-audit to confirm issues resolved.

Common Fixes

**Missing env var on prod**

```bash
npx convex env set --prod STRIPE_WEBHOOK_SECRET "$(printf '%s' 'whsec_...')"
```

(Use printf to avoid trailing newlines)

**Webhook URL redirect**

Update to the canonical domain in the Stripe Dashboard. If `example.com` redirects to `www.example.com`, use `www.example.com`.

**Missing trial_end handling**

In checkout session creation, calculate the remaining trial and pass it to Stripe:

```typescript
// user.trialEndsAt is compared against Date.now(), so it is in epoch milliseconds;
// Stripe expects trial_end in epoch seconds, hence the division by 1000.
const trialEnd = user.trialEndsAt && user.trialEndsAt > Date.now()
  ? Math.floor(user.trialEndsAt / 1000)
  : undefined;
// Pass in subscription_data.trial_end
```

**Missing idempotency**

Store `lastStripeEventId` on the user and check it before processing a webhook.
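
An added example (not the project's code) of the `lastStripeEventId` check described above, extended with a short history of handled event IDs because Stripe does not guarantee delivery order. `UserRecord`, `applyEvent`, `recentStripeEventIds`, `RECENT_LIMIT` and the event objects are assumptions constructed for illustration.

```typescript
// Added example. UserRecord, applyEvent and the event objects are constructed
// for illustration; only lastStripeEventId comes from the page.
interface StripeEvent { id: string; type: string }
interface UserRecord {
  lastStripeEventId?: string;      // field the page describes
  recentStripeEventIds: string[];  // assumption: bounded history of handled ids
  subscriptionStatus: string;
  timesApplied: number;            // demo instrumentation only
}

const RECENT_LIMIT = 20; // assumption: size the history to your event volume

function applyEvent(user: UserRecord, event: StripeEvent): void {
  if (event.type === "customer.subscription.updated") user.subscriptionStatus = "active";
  if (event.type === "customer.subscription.deleted") user.subscriptionStatus = "canceled";
  user.timesApplied += 1;
}

// In a real handler the check and the write below must share one transaction,
// otherwise two concurrent deliveries can both pass the check.
function handleEvent(user: UserRecord, event: StripeEvent): "processed" | "duplicate" {
  // The page's check: an immediate redelivery has the same id as the last event.
  if (user.lastStripeEventId === event.id) return "duplicate";
  // Extension: a late retry of an older event no longer matches lastStripeEventId.
  if (user.recentStripeEventIds.indexOf(event.id) !== -1) return "duplicate";
  applyEvent(user, event);
  user.lastStripeEventId = event.id;
  user.recentStripeEventIds = user.recentStripeEventIds.concat(event.id).slice(-RECENT_LIMIT);
  return "processed";
}

function demo(): { outcomes: string[]; user: UserRecord } {
  const user: UserRecord = { recentStripeEventIds: [], subscriptionStatus: "trialing", timesApplied: 0 };
  const updated: StripeEvent = { id: "evt_constructed_1", type: "customer.subscription.updated" };
  const deleted: StripeEvent = { id: "evt_constructed_2", type: "customer.subscription.deleted" };
  // Delivery order: updated, immediate retry, deleted, late retry of updated.
  const outcomes = [updated, updated, deleted, updated].map((e) => handleEvent(user, e));
  return { outcomes, user };
}
```

With only the `lastStripeEventId` comparison, the fourth delivery in `demo()` would be processed again and set the status back to `active` after the cancellation.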

Output

For each finding:
  • What was fixed
  • How it was fixed
  • Verification result
Any remaining issues that couldn't be auto-fixed.